Choosing an SP connection type - PingFederate

Page created: 15 Jul 2020 |

Page updated: 9 Feb 2021

| 2 min read

Product PingFederate 10.2 Configuration User task Software Deployment Method Product documentation Content Type Administrator Audience Single Sign-on (SSO) Capability

You can manually create service provider (SP) connections in PingFederate using browser single sign-on (SSO), WS-Trust security token service (STS), outbound provisioning, or any combination thereof.

If you are not using a connection template, which pre-configures browser-based SSO, indicate on the Connection Type tab whether the connection to this partner is for Browser SSO, WS-Trust STS, outbound provisioning, or any combination of them.

Tip:

You can add STS, OAuth, and outbound provisioning support to any existing SSO connection, or vice versa, at any time.

Note:

If your partner's deployment supports multiple protocols and you intend to communicate using more than one, you must set up a separate connection for each protocol. Each connection must use a unique (partner) connection ID.

Go to Applications > Integration > SP Connections.
Click Create Connection.
Select Do not use a template for this connection.
To configure a connection for secure browser-based SSO, select the Browser SSO Profiles check box.

If you are not using a connection template, you must select the applicable protocol from the list when establishing a new connection.

For a WS-Federation connection, select the desired token type, either SAML 1.1, SAML 2.0, or JWT (JSON Web Token).

Note:
For information about creating a SAML application, see Configuring a SAML application in PingFederate.

Tip:
If you are creating a WS-Federation connection to Microsoft Windows Azure Pack, select JWT as the token type.

Tip:
PingFederate can encrypt the subject and attributes of SAML 2.0 assertions.

For information about configuring encryption policies on a PingFederate identity provider (IdP), see Configuring XML encryption policy (SAML 2.0).

For information about configuring encryption policies on a PingFederate SP, see Specifying XML encryption policy (for SAML 2.0).

Optional: Choose one or both of the following depending on your configuration needs.

Connection Template	Step
WS-TRUST STS	Select the WS-Trust STS check box.
Outbound Provisioning	Select Outbound Provisioning and then select the provisioning type from the list.

If your PingFederate license manages connections by groups, select a license group for this connection.

This option is not shown for unrestricted or other types of licenses.
To save your settings, click Next.

Choosing an SP connection type - PingFederate - 10.2

PingFederate Server